Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
ibm

Maximo Asset Management

22 Versions 78 CVEs

Versions

7.6

MAJOR_MINOR 35 CVEs

7.6.1.2

OTHER 7 CVEs

7.1.1

SEMANTIC 5 CVEs

7.6.2.3

OTHER 6 CVEs

7.6.1.1, 7.6.1.2, 7.6.1.3

OTHER 2 CVEs

7.6.1

SEMANTIC 21 CVEs

7.6.2.1

OTHER 6 CVEs

7.6.0.1

OTHER 7 CVEs

7.6.2.2

OTHER 6 CVEs

7.1

MAJOR_MINOR 5 CVEs

7.6.3

SEMANTIC 6 CVEs

7.5

MAJOR_MINOR 13 CVEs

7.6.0.2

OTHER 1 CVE

7.6.2.4

OTHER 6 CVEs

7.6.1.2 , 7.6.1.3

OTHER 1 CVE

7.6.1.2, 7.6.1.3

OTHER 5 CVEs

7.6.2

SEMANTIC 6 CVEs

7.6.0.10

OTHER 2 CVEs

7.6.1.1

OTHER 10 CVEs

7.6.1.0

OTHER 1 CVE

7.6.0

SEMANTIC 20 CVEs

7.6.1.3

OTHER 9 CVEs

Recent CVEs

CVE-2024-45652

IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

MEDIUM

CVE-2024-45088

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

MEDIUM Nov 11, 2024

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.

LOW Jun 13, 2024

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.

HIGH Mar 14, 2024

CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.

LOW Mar 13, 2024

CVE-2023-38723

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192.

MEDIUM Mar 13, 2024

CVE-2023-32333

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.

MEDIUM Feb 02, 2024

CVE-2023-47718

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

MEDIUM Jan 19, 2024

CVE-2022-40616

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.

MEDIUM Sep 21, 2022